> OK, I submitted a couple of security issues. Could someone comment on
> whether I followed the proper procedure, use the proper form for
> entries in the audit list, etc?
It looks fine. Don't every worry about that, we keep these in CVS so it's
easy to fix mistakes or disagreements.
Something we should all keep in mind is the format and how to improve it.
I've come to think that the 'bz' before each bug is a bit silly and a waste
of space.
>
> Also, one of the bugs was noted as perhaps not being a security issue.
> I don't really want to be in the position of deciding what is and is
> not a security issue, but I'd like to know: is there agreement that I
> should not have entered one or both of those issues at all?
If it has a CVE id (which they both do now), it goes in the file. We can
decide if something should be considered a security issue or not though.
In those instances, we'll put an entry like this (assuming somehow a CVE id
got assigned to someone claiming being losing to the computer is a security
flaw).
CVE-XXXX-XXXX ignore (netpanzer) losing to bots is not an issue
--
JB
